VCR's cassettes play as the fixture of your tests. You do need to commit them into repository otherwise your tests won't run correctly in others' machine, or only correct there with heavy external dependency which is a violation of testing principle.
Of course you need to hide your credentials from public or team while keeping the above.
The solution is filter_senstive_data
settings and Figaro gem.
At first, This answer from Myron in a similar question can solve your problem largely.
To setup VCR
VCR.configure do |c|
c.filter_sensitive_data("<SOMESITE_PASSWORD>") do
ENV['SOMESITE_PASSWORD']
end
end
The above block of code copied from Myron's answer because I want to add more later
For more about this setting, check the doc https://relishapp.com/vcr/vcr/v/2-5-0/docs/configuration/filter-sensitive-data
Now, for ENV['SOMESITE_PASSWORD']
, it can be real credential by using Figaro gem.
Installation of Figaro will create a file config/application.yml
and add it to .gitignore
. So, you can just input your credential username and password there without risking leaking it to public.